CVE-2015-2994
published 2015-06-08

Priority: P2 (61, medium)
CVSS 2.0: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploit: EXPLOIT
EPSS: 49.79% (98.8th percentile)
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.

Affected (1 range)

Vendor   Product   Version range   Fixed in
sysaid   sysaid    <= 15.1         -

Detection & IOCs (extracted from sources)

  path: ChangePhoto.jsp
  path: icons/user_photo/
  url:  /sysaid/Login.jsp
  port: 8080
  • Alert on HTTP GET requests to files under icons/user_photo/ with a .jsp extension, which indicates post-upload webshell execution.
  • The exploit response body contains the string 'parent.glSelectedImageUrl' with the uploaded file path — monitor HTTP responses from ChangePhoto.jsp for this pattern to identify successful uploads.
  • Version fingerprinting: the exploit checks for CSS version string matching 'css/master.css?v14.4' in errorInSignUp.htm to confirm a vulnerable SysAid instance.
  • The Metasploit module targets SysAid on port 8080 by default under the /sysaid path; monitor for authentication (POST to Login.jsp) followed immediately by a multipart upload to ChangePhoto.jsp from the same source IP.
  • Exploitation requires valid administrator credentials; the vulnerability alone is not unauthenticated. A related auxiliary module may be used to create an admin account as a prerequisite step.
  • The module has only been tested against SysAid v14.4 on Linux and Windows; behavior on other versions is unconfirmed.
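The two log-based rules in the bullets above (a GET for a .jsp under icons/user_photo/, and a Login.jsp POST followed shortly by a multipart POST to ChangePhoto.jsp from the same source IP) as an added detection example run over constructed access-log lines. This code is not from the CVE record, from SysAid, or from the Metasploit module; the log line format, the field order, and the 60-second correlation window are assumptions.

```python
"""Detection rules for the CVE-2015-2994 upload-then-execute chain, run over
constructed sample access-log lines (added example, not the CVE record's code)."""
import re
from datetime import datetime, timedelta

# Constructed sample log, one request per line (assumed format):
#   client_ip  ISO-8601 timestamp  method  path  status  request content type
SAMPLE_LOG = """\
10.0.0.5 2015-06-08T10:00:01 POST /sysaid/Login.jsp 302 application/x-www-form-urlencoded
10.0.0.5 2015-06-08T10:00:04 POST /sysaid/ChangePhoto.jsp 200 multipart/form-data
10.0.0.5 2015-06-08T10:00:09 GET /sysaid/icons/user_photo/cmd.jsp 200 -
10.0.0.9 2015-06-08T10:05:00 POST /sysaid/Login.jsp 302 application/x-www-form-urlencoded
10.0.0.9 2015-06-08T10:06:10 GET /sysaid/icons/user_photo/avatar.png 200 -
10.0.0.9 2015-06-08T11:30:00 POST /sysaid/ChangePhoto.jsp 200 multipart/form-data
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")
# A .jsp served from the photo directory; the query string, if any, is ignored.
JSP_UNDER_PHOTO_DIR = re.compile(r"/icons/user_photo/[^?]*\.jsp(?:\?|$)", re.IGNORECASE)


def parse_line(line):
    """Parse one access-log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, ts, method, path, status, ctype = m.groups()
    return {"ip": ip, "ts": datetime.fromisoformat(ts), "method": method.upper(),
            "path": path, "status": int(status), "ctype": ctype}


def parse_log(text):
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def detect_webshell_requests(records):
    """Rule 1: any GET for a .jsp under icons/user_photo/ is treated as post-upload execution."""
    return [r for r in records
            if r["method"] == "GET" and JSP_UNDER_PHOTO_DIR.search(r["path"])]


def detect_login_then_upload(records, window=timedelta(seconds=60)):
    """Rule 2: a POST to Login.jsp followed, within `window`, by a multipart POST to
    ChangePhoto.jsp from the same source IP. The window is an assumed tuning value."""
    last_login = {}   # ip -> timestamp of most recent Login.jsp POST
    hits = []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["method"] != "POST":
            continue
        if r["path"].endswith("/Login.jsp"):
            last_login[r["ip"]] = r["ts"]
        elif r["path"].endswith("/ChangePhoto.jsp") and r["ctype"].startswith("multipart/"):
            login_ts = last_login.get(r["ip"])
            if login_ts is not None and timedelta(0) <= r["ts"] - login_ts <= window:
                hits.append(r)
    return hits


def run_rules(text):
    """Run both rules over a log text and return the hits per rule."""
    records = parse_log(text)
    return {
        "webshell_requests": detect_webshell_requests(records),
        "login_then_upload": detect_login_then_upload(records),
    }


if __name__ == "__main__":
    for rule, hits in run_rules(SAMPLE_LOG).items():
        for h in hits:
            print(f"[{rule}] {h['ip']} {h['ts'].isoformat()} {h['method']} {h['path']}")
```

On the constructed sample, rule 1 fires once (the GET for cmd.jsp) and rule 2 fires once (10.0.0.5 logs in and uploads three seconds later); the second client's upload comes 85 minutes after its login and falls outside the window, and its GET for avatar.png is ignored because only .jsp files under the photo directory are of interest.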